Vulnerability Analyst, Senior

About

We are seeking a highly skilled and innovative Vulnerability Analyst, Senior to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

• Establish and govern enterprise vulnerability management strategy: scanning methodologies, validation protocols, and assessment standards aligned with RMF, DoD, and Army requirements.
• Oversee analysis of vulnerability outputs (ACAS, Forescout, STIG findings, etc.) to adjudicate risk, confirm exploitability, and drive accurate POA&M entries and eMASS/evidence updates.
• Correlate vulnerability data with asset inventories, configuration baselines, patch management records, and change control to ensure remediation accountability and enterprise visibility.
• Direct remediation validation: coordinate with system owners and engineering teams to verify fixes, retest corrections, and close recurring compliance gaps.
• Produce executive‑grade vulnerability trend analyses, CCRI readiness assessments, risk briefings, and dashboard metrics to inform leadership decision‑making.
• Lead continuous improvement of VM workflows, detection/prioritization criteria, reporting standards, and automation to enhance continuous monitoring efficacy.
• Support incident response and threat‑driven remediation by providing vulnerability context, exploitability analysis, and prioritized mitigation guidance.

Qualifications

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: Active TS/SCI clearance.
• Candidate must meet ONE of the following:
  • Bachelor’s degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, Software Engineering, or a related field; OR
  • Relevant DoD/military training (example: Cyber 101); OR
  • Relevant professional certification or equivalent experience (examples: SecurityX/CASP+; CCISO; CCSP; CISM; CISSO; CISSP; GSLC).
• Required experience and skills:
  • Vulnerability management, cybersecurity operations, or risk assessment experience with at least 3 years in senior VM or program‑level roles.
  • Deep expertise with ACAS/NESSUS, Forescout/NAC, STIG/SRG interpretation, eMASS POA&M workflows, and vulnerability adjudication methodologies.
  • Strong capability correlating vulnerabilities to assets/configuration baselines, assessing exploitability, and producing actionable remediation plans.
  • Proven experience producing dashboards, trend analyses, and executive briefings on vulnerability posture and remediation progress.
  • Familiarity with automation for scanning, ticketing integration, and evidence collection to support RMF/ATO processes.
• Desired:
  • Prior DoD/ARNG VM leadership or CCRI support experience.
  • Experience integrating VM with detection engineering, patch orchestration, and threat intelligence to enable prioritized, threat‑informed remediation.